From 2110206d8093bfd890722ac7d65485afa8541a54 Mon Sep 17 00:00:00 2001 From: gijs Date: Tue, 17 May 2005 14:01:48 +0000 Subject: [PATCH] - Adding otway rees and smart right protocols --- spdl/SPORE/NotModelled.txt | 5 +++ spdl/SPORE/otwayrees.spdl | 71 ++++++++++++++++++++++++++++++++++++++ spdl/SPORE/smartright.spdl | 65 ++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 spdl/SPORE/otwayrees.spdl create mode 100644 spdl/SPORE/smartright.spdl diff --git a/spdl/SPORE/NotModelled.txt b/spdl/SPORE/NotModelled.txt index b1307b7..120e55f 100644 --- a/spdl/SPORE/NotModelled.txt +++ b/spdl/SPORE/NotModelled.txt @@ -16,3 +16,8 @@ not be modelled in scyther. This protocol relies on algebraic properties that can not be modelled in scyther. +- SK3 +This protocol relies on algebraic properties that can not be modelled in +scyther. It also has the notion of channels that can not be attacked, +which can not be modelled in scyther either. + diff --git a/spdl/SPORE/otwayrees.spdl b/spdl/SPORE/otwayrees.spdl new file mode 100644 index 0000000..274edc3 --- /dev/null +++ b/spdl/SPORE/otwayrees.spdl @@ -0,0 +1,71 @@ +# Otway Rees +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/otwayRees.html +# +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# + + +secret const k : Function; + +usertype String,SessionKey,Ticket; + +protocol otwayrees(I,R,S) +{ + role I + { + const Ni : Nonce; + const M : String; + var Kir : SessionKey; + + send_1(I,R, M,I,R,{Ni,M,I,R}k(I,S) ); + read_4(R,I, M,{Ni,Kir}k(I,S) ); + + claim_I1(I, Secret,Kir); + #claim_I2(I, Nisynch); + } + + role R + { + var M : String; + const Nr : Nonce; + var Kir : SessionKey; + var T1,T2: Ticket; + + read_1(I,R, M,I,R, T1 ); + send_2(R,S, M,I,R, T1, { Nr,M,I,R }k(R,S) ); + read_3(S,R, M, T2, { Nr,Kir }k(R,S) ); + send_4(R,I, M, T2 ); + + claim_R1(R, Secret,Kir); + #claim_R2(R, Nisynch); + } + + role S + { + var Ni,Nr : Nonce; + var M : String; + const Kir : SessionKey; + + read_2(R,S, M,I,R, { Ni,M,I,R}k(I,S), { Nr,M,I,R }k(R,S) ); + send_3(S,R, M, { Ni,Kir }k(I,S) , { Nr,Kir }k(R,S) ); + } +} + +const Alice, Bob, Eve, Simon: Agent; + +untrusted Eve; +compromised k(Eve,Simon); + +run otwayrees.A(Alice, Agent, Simon); +run otwayrees.B(Agent, Bob, Simon); +run otwayrees.S(Agent, Agent, Simon); + +run otwayrees.A(Agent, Agent, Simon); +run otwayrees.B(Agent, Agent, Simon); +run otwayrees.S(Agent, Agent, Simon); + diff --git a/spdl/SPORE/smartright.spdl b/spdl/SPORE/smartright.spdl new file mode 100644 index 0000000..788e073 --- /dev/null +++ b/spdl/SPORE/smartright.spdl @@ -0,0 +1,65 @@ +# SmartRight view-only +# +# Modelled after the description in the SPORE library +# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html +# +# Note: +# According to SPORE there are no known attacks on this protocol +# +# Note: +# This protocol uses a ticket so scyther will only be able to verify +# the protocol using the ARACHNE engine (-a) and type 2 matching (-m2) +# +# Note: +# Scyther finds an attack because the value of VoR in te last message can +# be replaced with an arbitrary value + +const hash: Function; +secret unhash: Function; +secret k: Function; +inversekeys (hash,unhash); +usertype SessionKey; +usertype Ticket; +usertype XorKey; +const Vor: XorKey; + +protocol smartright(I,R) +{ + role I + { + const VoKey: SessionKey; + const VoR: XorKey; + const CW; + var VoRi: Nonce; + + send_1(I,R, {VoKey,{CW}VoR}k(I,R)); + read_2(R,I, VoRi); + send_3(I,R, VoR, {{VoRi}hash}VoKey); + } + + role R + { + var T: Ticket; + var VoR: XorKey; + var VoKey: SessionKey; + const VoRi: Nonce; + + read_1(I,R, {VoKey,T}k(I,R)); + send_2(R,I, VoRi); + read_3(I,R, VoR,{{VoRi}hash}VoKey); + + claim_R1(R,Nisynch); + } +} + +const Alice,Bob,Eve: Agent; + +untrusted Eve; +const ne: Nonce; + +# General scenario, 2 parallel runs of the protocol + +run smartright.I(Agent,Agent); +run smartright.R(Agent,Agent); +run smartright.I(Agent,Agent); +run smartright.R(Agent,Agent);